ECSA/LPT: EC-Council Certified Security Analyst

This course has already been delivered. Please contact us for the next available session, tel: +357 22 44 14 92

Overview:

ECSA is a security class like no other! Providing real-world, hands-on experience, it is the only in-depth Advanced Hacking and Penetration Testing class available that covers testing in all modern infrastructures, operating systems and application environments.

EC-Council’s Certified Security Analyst program is a highly interactive 5-day security class designed to teach Security Professionals the advanced uses of the available methodologies, tools and techniques required to perform comprehensive information security tests.

Students will learn how to design, secure and test networks to protect their organization from the threats hackers and crackers pose. By teaching the tools and groundbreaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of hacking and network security-testing topics.

Outline:

Module 1 - Penetration Testing Methodologies

•Understand how to structure and organize security tests
Understand the five stages of a common penetration test attack methodology
Analyze the tactical application of each phase
The Open Source Security Testing Methodology Manual (OSSTMM)
•Get an overview of The Security Map and sections of the OSSTMM
•Learn about an OSSTMM certified security test
•Understand what a complete and valid OSSTMM security test is
•See how the OSSTMM addresses privacy law compliance
•Learn how the OSSTMM addresses “Best Practices” compliance
The NIST Methodology
•See an overview of the NIST Four-Stage Penetration Testing methodology
•See escalation of privileges according to the NIST methodology
Learn about the course methodology
•Learn about the methodology followed in this course
Learn about malicious hackers' methodologies
•Review a common malicious hacker attack methodology
•Examine methodological variants

Module 2 - Test Planning and Scheduling

•Estimation of Resources for the Test
•Estimating time and cost of a test
Defining the test scope
•Determination of Test Objectives
Technical Preparation
•Attack network
•Attack workstation
•Gathering tools and exploits
•How to manage confidential data
Rules of Engagement
•Non-disclosure agreement
•Liability limitations
•Emergency phone number
•Know the rules of engagement as they pertain to client target networks/systems
Defined Roles of the Involved Personnel
•Review rules of engagement
•Define test conditions
•What should be included in rules of engagement
•Reporting
•Deliverables
•Knowing what results are expected at the end of the test
•Presentation of results

•Attack Vectors
•The Battlefield
•DoS, DDoS, DRDoS
Identify the harm caused to the target system
Analyze the potential vulnerabilities in a system that could be exploited by a DoS attack
Outline the necessary steps to test a system’s strength against a DoS attack
Gathering and documenting the results

•Describe what Social Engineering is
•Principles of social engineering
•Social Engineering Tips
•Types of social engineering attacks
•Define the techniques used to execute Social Engineering
•Social Engineering Goals
•Social Engineering Rules of engagement
•Recognize the threat of Social Engineering
•Outline the methods by which Social Engineering is performed
•Trusted positions enumeration
•Trusted person testing
•Request Testing
•Guided Suggestions
•Phishing
•Security Policies
•Gather and document the test results